I-librarian » I, Librarian : Security Vulnerabilities, CVEs,
I, Librarian 4.10 has XSS via the notes.php notes parameter.
Max CVSS
6.1
EPSS Score
0.09%
Published
2019-04-22
Updated
2019-04-23
I, Librarian 4.10 has XSS via the export.php export_files parameter.
Max CVSS
6.1
EPSS Score
0.09%
Published
2019-04-22
Updated
2019-04-22
Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter.
Max CVSS
6.1
EPSS Score
0.13%
Published
2019-04-20
Updated
2019-04-22
I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea.
Max CVSS
10.0
EPSS Score
0.25%
Published
2018-03-13
Updated
2018-04-13
4 vulnerabilities found